hylafax buffer overflow - openSUSE Security - openSUSE Mailing Lists

newer
OT: Congratulations

hylafax buffer overflow

older
AW: [suse-security] Why MY DNS is...

Kevin Ivory

13 Aug 2002 13 Aug '02

13:26

The CERT/Debian announcement referring to Hylafax brought me to http://www.hylafax.org/4.1.3.html "Also fixed is a buffer overflow condition when receiving fax image data which potentially could be exploited to execute arbitrary code as root." Are the SuSE packages affected as well? Are you working on update packages? Kevin -- _ | Kevin Ivory | Tel: +49-551-3700000 |_ |\ | | Service Network GmbH | Fax: +49-551-3700009 ._|ER | \|ET | Bahnhofsallee 1b | mailto:Ivory@SerNet.de Service Network | 37081 Goettingen | http://www.SerNet.de/

Reply

Sign in to reply online Use email software

Show replies by date

Kevin Ivory

30 Aug 30 Aug

08:54

New subject: [suse-security] hylafax buffer overflow

Kevin Ivory wrote:

The CERT/Debian announcement referring to Hylafax brought me to http://www.hylafax.org/4.1.3.html "Also fixed is a buffer overflow condition when receiving fax image data which potentially could be exploited to execute arbitrary code as root."

Are the SuSE packages affected as well? Are you working on update packages?

Two weeks later: Now Mandrake has supplied security updates as well. I still need an answer to the questions above. Kevin -- _ | Kevin Ivory | Tel: +49-551-3700000 |_ |\ | | Service Network GmbH | Fax: +49-551-3700009 ._|ER | \|ET | Bahnhofsallee 1b | mailto:Ivory@SerNet.de Service Network | 37081 Goettingen | http://www.SerNet.de/

Reply

Sign in to reply online Use email software

Thomas Biege

2 Sep 2 Sep

15:47

New subject: [suse-security] hylafax buffer overflow

Hi. On Fri, 30 Aug 2002, Kevin Ivory wrote:

Kevin Ivory wrote:

...
The CERT/Debian announcement referring to Hylafax brought me to http://www.hylafax.org/4.1.3.html "Also fixed is a buffer overflow condition when receiving fax image data which potentially could be exploited to execute arbitrary code as root."

Are the SuSE packages affected as well? Are you working on update packages?

Two weeks later: Now Mandrake has supplied security updates as well. I still need an answer to the questions above.

We are in the process of verifying these bugs and will release new packages if they are serious enough. Stay tuned.... Bye, Thomas -- Thomas Biege <thomas@suse.de> SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83 -- Trete durch die Form ein, und trete aus der Form heraus.

Reply

Sign in to reply online Use email software

8173

Age (days ago)

8193

Last active (days ago)

Download

2 comments

2 participants

tags

participants (2)

Kevin Ivory
Thomas Biege